CVE-2024-13530
📋 TL;DR
This vulnerability in the WordPress Login Page Styler plugin allows authenticated attackers with Subscriber-level access or higher to delete login logs and end user sessions without proper authorization. It affects all versions up to and including 7.1.1. Attackers can disrupt security monitoring and user sessions on vulnerable WordPress sites.
💻 Affected Systems
- WordPress Login Page Styler plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers delete all security logs to cover tracks after a breach, then forcibly log out administrators to prevent response while maintaining unauthorized access.
Likely Case
Malicious users delete their own login logs to hide unauthorized access attempts or disrupt legitimate user sessions.
If Mitigated
With proper user role management and monitoring, impact is limited to minor disruption of specific user sessions.
🎯 Exploit Status
Exploitation requires authenticated access but uses simple API calls. The vulnerability is well-documented in public advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.1.2
Vendor Advisory: https://wordpress.org/plugins/login-page-styler/#developers
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Login Page Styler' and click 'Update Now'. 4. Verify version shows 7.1.2 or higher.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily deactivate the Login Page Styler plugin until patched
wp plugin deactivate login-page-styler
Restrict user roles
linuxRemove Subscriber role from untrusted users and limit higher-privilege accounts
wp user list --role=subscriber --field=ID | xargs wp user set-role {ID} none
🧯 If You Can't Patch
- Implement strict user role management with minimal Subscriber accounts
- Enable comprehensive logging and monitoring for suspicious session termination or log deletion events
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Login Page Styler → Version. If version is 7.1.1 or lower, system is vulnerable.Check Version:
wp plugin get login-page-styler --field=versionVerify Fix Applied:
Verify plugin version shows 7.1.2 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unexpected deletion of login logs
- Multiple user sessions ending simultaneously from non-admin accounts
- POST requests to */wp-admin/admin-ajax.php* with action parameters containing 'lps_handle_delete' or 'lps_handle_end_session'
Network Indicators:
- HTTP POST requests to admin-ajax.php with suspicious action parameters from low-privilege user accounts
SIEM Query:
source="wordpress" AND (uri_path="/wp-admin/admin-ajax.php" AND (http_method="POST" AND (form_data.action CONTAINS "lps_handle_delete" OR form_data.action CONTAINS "lps_handle_end_session")))🔗 References
- https://plugins.trac.wordpress.org/browser/login-page-styler/tags/7.1.2/loginPageStylerLogSettings.php#L111
- https://plugins.trac.wordpress.org/browser/login-page-styler/tags/7.1.2/loginPageStylerLogSettings.php#L122
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3232237%40login-page-styler&new=3232237%40login-page-styler&sfp_email=&sfph_mail=
- https://wordpress.org/plugins/login-page-styler
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a143d611-9e22-49d1-9a9f-12f1c45685c4?source=cve
